
In the Claims 

Please amend the claims as follows: 



1 . (currently amended) A method for securely transferring data between an agent and an 
application server through a non-secure node comprising: 

(a) establishing a session key between the agent and the application server by 
utilizing a public key of the application server; wherein the public key of the application 
server [[in]] is embedded in the agent to enable the agent to derive the session key : and 

(b) establishing an end-to-end secure connection between the agent and the 
application server by using the session key and by establishing a communication link 
between the application server and the non -secure node by using a relay module. 

2. (currently amended) The method of claim 1 wherein establishing a communication link 
between the application server and the non-secure node by using a relay module 
comprises: 

dynamically instantiating , by the application server, the relay module having a 
first port for communicating with the application server and a second port for 
communicating with the agent, the relay module listening on a first predetermined port 
number on the first port and a second predetermined port number on the second port; and 

the application server connecting to the first port of the relay module to establish a 
connection therewith. 

3. (original) The method of claim 2 wherein establishing a communication link between 
the application server and the agent through a relay module further comprises: 

pushing data encrypted by the established session key from the agent to the 
application server over the end-to-end secure connection. 

4. (original) The method of claim 2 wherein establishing a communication link between 
the application server and the agent through a relay module further comprises: 
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pulling data encrypted by the session key from the application server over the 
end-to-end secure connection to the agent. 

5. (original) The method of claim 1 wherein establishing a session key between the agent 
and the application server by utilizing a public key of the application server further 
comprises: 

establishing a shared secret key between the application server and the agent for 
encrypting and decrypting data sent therebetween. 

6. (original) The method of claim 5 wherein establishing a shared secret key between the 
application server and the agent for encrypting and decrypting data sent therebetween 
comprises: 

encrypting the shared secret key with the public key of the application server to 
generate an encrypted shared key; 

sending the encrypted shared secret key to the application server; and 
decrpyting the shared secret key with the private key of the application server, 

7. (original) The method of claim 5 wherein establishing a shared secret key between the 
application server and the agent utilizes a key transfer protocol. 

8. (original) The method of claim 7 wherein the key transfer protocol is the Rivest, 
Shamir, Adleman (RSA) public key algorithm. 

9. (original) The method of claim 5 wherein establishing a shared secret key between the 
application server and the agent for encrypting and decrypting data sent therebetween 
utilizes a key agreement protocol. 

10. (original) The method of claim 9 wherein the key agreement protocol is the Diffie- 
Hellman (DH) public key algorithm. 
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1 1 . (currently amended) The method of securely transferring data between an application 
server and an agent of the application server through a non-secure environment having a 
web-server and the agent, the method comprising: 

a) a user accessing the web-server to download the agent therefrom; wherein the 
agent includes a public key of the application server; 

b) the agent e stablishing deriving a shared session key with the application server 
by using the public key of the application server, the shared session key for use in 
encrypting and decrj^ting data to be transferred between the agent and the application 
server; 

c) the application server establishing a connection to the web-server; and 

d) the agent contacting the web server by using a first protocol to send data 
encrypted by the session key to the application server over the connection between the 
web-server and the application server. 

12. (original) The method of claim 1 1 wherein the application server establishing a 
connection to the web-server further comprises 

cl) the application server dynamically instantiating a relay module by sending a 
URL associated with the relay module to the web-server, the URL specifying a first 
predetermined port for communication between the web-server and the relay module; 

cl) the application server connecting to the relay module on a first predetermined 
port; and 

c3) the application server reading data from the relay module through the 
connection on the first predetermined port. 

13. (original) The method of claim 12 wherein the agent contacting the web-server by 
using a first protocol to send data encrypted by the session key to the application server 
over the connection between the web-server and the application server further comprises 

dl) the agent encrypting the session key with the public key of the application 

server; 

d2) the agent collecting data; 

d3) the agent encrypting the collected data with the session key; 
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d4) sending the encrypted session key and encrypted measured data to the 
appHcation server by using a forwarding module that connects to a second predetermined 
port of the relay module. 

14. (original) The method of claim 1 1 wherein the first protocol is one of HTTP and 
HTTP/SSL. 

15. (currently amended) A secure data transfer system for connecting a non-secure node 
to an application server behind a firewall comprising: 

a) a web-server in the non-secure node; 

b) a relay in the non-secure node that is dynamically instantiated by the 
application server, the relay having being configured by the application server to have a 
first port for listening for a connection fi:-om the application server; 

wherein the application server connects to the relay on the first port and reads data 
from the first port. 

16. (currently amended) The secure data transfer system of claim 15 further comprising: 

a) an instantiation modul e for instantiating th e r e lay module in respons e to an 
URL associated with the relay modul e wherein the relay does not initiate the connection 
with the application server but waits for the application server to establish the connection . 

17. (original) A secure data transfer system for establishing an end-to-end secure 
connection between an agent and an application server behind a firewall through a non- 
secure node comprising: 

a) a web-server residing in the non-secure node, the web-server having the agent 
that includes a public key of the application server; 

b) a browser in communication with the web-server for downloading the agent 
from the web-server; 

c) a secure transfer module residing in the non-secure node; and 

d) an application server in a secure zone for initiating a connection to the web- 
server via the secure transfer module. 
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18. (original) The secure data transfer system of claim 17 wherein the secure transfer 
module further comprises: 

cl) a relay module for listening to a first port and a second port; 

c2) an instantiation module for executing the relay module in response to a 
command fi'om the application server; 

c3) a forwarding module for transferring data fi-om the agent to the relay module 
in response to a command from the agent; and 

wherein the relay module listens to the first port for a connection by the 
application server and listens to the second port for a connection by the forwarding 
module. 

19. (original) The secure data transfer system of claim 16 wherein the non -secure node is 
a web-server node. 

20. (new) The method of claim 1 further comprising transferring data between the agent 
and the relay module via an unsecure communication link. 

21 . (new) The method of claim 1 1 comprising transferring data between the agent and the 
web-server via an unsecure communication link. 

22. (new) A method, comprising: 

embedding in code of an agent a public key of an application server that is behind 
a firewall; 

downloading the code of the agent and the public key into a browser; 

verifying the agent to authenticate the public key of the application server; 

establishing a communication link between the application server and a relay 
module that is in a non-secure environment and between the browser and the relay 
module; and 

securely transferring data from the browser through the relay module to the 
application server without requiring a trusted intermediate party. 
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23. (new) The method of claim 22 wherein the trusted intermediate party is selected from 
the group consisting of a trusted node, a trusted server, and a secure channel. 

24. (new) The method of claim 22 further comprising collecting data with the agent. 

25. (new) The method of claim 24 wherein collecting data with the agent further 
comprises measuring time required to load data into the browser. 

26. (new) The method of claim 22 wherein the communication link between the browser 
and the relay module is an unsecure communication link. 
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